Canadian Thanksgiving long weekend is for crisp autumn walks, time spent with family, and large dinner spreads with second helpings of turkey and pumpkin pie. While most Canadian people sleep off a tryptophan-induced turkey coma, Canadian organizations are jolted awake. These companies often find themselves at the mercy of cybercriminals and data thieves because, during the holiday weekend, threat actors become more active and ramp up their attacks against organizations – particularly those that are closed or understaffed.
To protect themselves, all organizations – in Canada and elsewhere – should be more aware of the risks of cyberattacks during holidays. More importantly, they should take early and proactive steps to reduce cyberattack risks.
Happy Holidays and the Not-so-happy Holiday Cyberattacks
In 2018, security researchers in the U.S. noted almost 900,000 ransomware attacks during the (U.S.) Thanksgiving holiday – a 432% increase over a similar time period in 2017. In July 2021, during Independence Day, at least 1,500 businesses in 17 countries, including Canada, were affected by a ransomware attack on IT firm Kaseya.
In September 2021, the FBI released an advisory warning Americans of potential cyberattacks that may occur over the Labor Day weekend (September 4-6). The alert followed reports of increased cybercrime activity during the Fourth of July holiday (Kaseya) and also earlier in May, during the Memorial Day weekend (the attack on JBS) and Mother’s Day weekend (the attack on Colonial Pipeline).
The advisory urged American businesses to examine their cybersecurity postures and take steps to manage the risk posed by cyber threats like ransomware. Canadians should do the same as well, as the stats show that threat actors are on high alert, looking for ways to infiltrate company systems during the holidays. Threat actors are aware that companies operate on a smaller crew – even IT staff – which creates the best scenario to launch an attack.
Why Do Cyber Attackers Love the Holidays?
In Canada, the USA and many other countries, a long weekend usually means skeletal IT staff. A smaller group of security responders gives attackers more opportunities to attack a company’s infrastructure since they know that the enterprise resources to continuously monitor threats and quickly deter them are just not there.
Once hackers gain initial access to the enterprise network, they escalate privileges to move laterally across the environment and gain maximum control over a maximum number of systems. An enterprise with a small cybersecurity staff will take longer to notice the attack and even longer to remediate or implement damage control. Ultimately, the threat actor can cause some pretty serious damage.
The Ransomware-Holiday Connect
Ransomware attacks are a particularly huge problem during holiday weekends. Many attacked organizations prefer to have their systems unlocked, and their data released immediately rather than wait out the weekend. Further, to minimize long-term risks, ensure business continuity and protect their reputations, they’re more likely to pay out the ransom attackers demand. Cybercriminals know this – and they take full advantage.
Ransomware actors sometimes infiltrate an enterprise system and then spend days or weeks inside before finally launching an attack – often over long weekends. To reduce cyberattack risks, organizations must proactively look for potential points of access within their systems. They must also keep an eye out for suspicious or anomalous traffic patterns to detect potentially dangerous adversaries who may well turn out to be instruments of a serious catastrophe.
How to Reduce Cyberattack Risks During Holidays
Despite these unsettling realities, holiday weekends don’t have to be a cybersecurity disaster for Canadian organizations. Advance planning, a robust cybersecurity strategy and strong cybersecurity controls can help companies reduce cyberattack risks and protect their assets and data. It’s also important to strengthen both human and technical defences during the holidays. One way to do this is through enterprise-wide cybersecurity awareness. Another is to conduct a thorough and detailed penetration test.
A pen test is a powerful way to evaluate the security of the enterprise network through simulated cyber attacks. With the help of expert pen testers like Packetlabs, firms can better understand their cybersecurity posture and implement strong controls to deter attackers – both during holiday weekends and at other times.